there is already a HowTo on how to create an encrypted loop-back "file system". it doesn't encrypt the whole disk, but it could certainly hold anything worth having encrypted.
don't get me wrong, i fully understand the reasons behind putting the entire system behind a good pass-phrase. with the way *nix's put configuration files, data files, manuals, binaries, etc in so many different places, the only way to be absolutely sure would be to encrypt everything. but that only works at startup. if the system is running, having the entire disk encrypted is no different than the fact it's all in hex already. an individual user based encryption means all you have to do is logout, not power down, to kill the "decryption" process and thwart snooping. so how about a start-up passphrase protecting everything owned by root, then another for each individual user? but that would cancel root's ability to read everything.... hmmm..... Curt- -----Original Message----- From: Paul Lowe [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 30, 2001 12:03 To: clemens; [email protected] Subject: Re: root fs/crypted I like this. Would it be difficult to modify Debian, so that upon install, it creates an encrypted root volume and starts things off the right way?
